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REMARKS 
35 U.S.C. § 103. Claim Rejections. 

3-22. Claims 1-46 are rejected under 35 U.S.C. §1 03(a) as being unpatentable 
5 over Bhat et al. (U.S. Pub. No. 20050240763)(hereinafter Bhat) in view of 
Barriga-Caceres et al. (U. S. Pub. No. 200301 63733)(hereinafter Barriga). 

Regarding Claim 1, the Office Action slates that "Bhat discloses a system, 
comprising: 

10 at least one first identity comprising any of a user, a user agent and a 

principal (Bhat: [0063H0064]: user ID and password); 

an authentication agency (Bhat: [0065]: authentication service module); 
means for sending a login request from the first identity to the 
authentication agency (Bhat: [0063]-[0065]; 
15 means for receiving an assertion at the first entity from the authentication 

agency in response to the log in request (Bhat [0066]: receive the login token); 

means for authenticating the first entity at a participant with the received 
assertion (Bhat: [0050]; the URL access service); 

means for sending a request for service on behalf of the first identity from 
20 a second identity comprising any of the participant and a service consumer 
associated with the participant to any of the authentication agency and a 
discovery service associated with the authentication agency, using the assertion 
(Bhat: [0031]: the URL access service determines access is authorized). 

25 The Office Action concedes that "Bhat does not explicitly disclose means for 
sending an authorization from the authentication agency to the second entity for 
the requested service in response to the sent request if the first entity is enabled 
for the requested service." 

30 However, the Office Action also states that "Barriga discloses that limitation 
(Barriga: [0037]-[0038]: the service provider requests verification of the 
assertion). It would have been obvious to one having ordinary skill in the art to 
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provide the authentication assertion reference as token to client and allow the 
service provider to validate the assertion from the authentication provider 
because authentication provider is the intermediate entity between the client and 
service provider." 

5 

The Examiner also stated that "As per claim 11, 23, and 33, claims 11, 23, and 
33 encompass the same scope as claim 1. Therefore claims 11, 23, and 33 are 
rejected based on the reasons set forth in rejecting claim 1". 

10 Applicant disagrees that Claims 1, 11, 23 and 33 are unpatentable over Bhat in 
view of Barriga. Applicant also submits that independent Claims 11, 23, and 33 
do not have the identical scope as Claim 1, and should therefore be separately 
considered. 

15 Hilton Davis / Festo Statement 

Applicant has amended Claims 1 , 1 1 , 23 and 33, for convenience in prosecution, 
and reserves the right to present the same or similar claims in a related 
Application. The amendments herein were not made for any reason related to 
patentability. 

20 

Applicant has amended independent Claim 1, to claim a system, comprising: 
a device; 

at least one first entity associated with the device, the first entity 
comprising any of a user, a user agent and a principal; 
25 a first user identifier in a first namespace associated with the first entity, 

the first user identifier comprising any of a name identifier and an identity 
assertion; 

a second user identifier in a second namespace associated with the first 
entity, the second user identifier known to a service provider, the second 
30 namespace disparate from the first namespace, wherein the first user identifier 
and the second user identifier are pseudonymous to each other; 
an authentication agency; 
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means for sending a login request from the first entity to the authentication 
agency; 

means for receiving an assertion at the first entity from the authentication 
agency in response to the log in request; 
5 means for sending the received assertion and the first user identifier in the 

first namespace to a participant; 

means for authenticating the first entity at the participant with the received 
assertion; 

means for sending the first user identifier in the first namespace and a 
10 request for service on behalf of the first entity from a second entity comprising 
any of the participant and a service consumer associated with the participant to 
any of the authentication agency and a discovery service associated with the 
authentication agency, using the received assertion, the request for service 
comprising a request for a service descriptor for locating the service provider, 
1 5 and a request for a service assertion for accessing the service provider; 

means for translating the first user identifier in the first namespace to the 
second user identifier in the second namespace at the authentication agency; 

means for an sending the service descriptor, the service assertion, and the 
second user identifier from the authentication agency to the second entity in 
20 response to the sent request for service if the first entity is enabled for the 
requested service, wherein the sent second user identifier is sent in a format that 
the second entity is blinded to the second user identifier; 

means for sending the service assertion to the service provider; and 
means for providing the requested service for the second entity at the 
25 service provider in response to the received service assertion if the second entity 
is authorized for the requested service by the user. 

Applicant has amended independent Claim 11, to claim a system, comprising: 
an authentication agency 
30 for authenticating a first entity comprising any of a user, a user 

agent and a principal, the first entity having a first user identifier in a first 
namespace and a second user identifier in a second namespace, the 
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second user identifier known to a service provider, the first user identifier 
comprising any of a name identifier and an identity assertion, the second 
namespace disparate from the first namespace, wherein the first user 
identifier and the second user identifier are pseudonymous to each other, 
5 for sending an assertion to a device corresponding to the first entity, 

and 

for translating the first user identifier in the first namespace to the 
second user identifier in the second namespace; and 
at least one second entity comprising 
10 means for receiving the assertion and the first user identifier from 

the first entity, 

means for authenticating the first entity at the second entity with the 
received assertion, 

.means for sending a request for service and the first user identifier 
15 on behalf of the first entity to any of the authentication agency and a 

discovery service associated with the authentication agency, 

means for receiving an authorization sent from the authentication 
agency in response to the sent request if the first entity is enabled for the 
requested service; 

20 means for receiving the second user identifier sent from the 

authenticating agency in a format that the second entity is blinded to the 
second user identifier; 

means for invoking the requested authorized service at the service 
provider with the received authorization and the received second user 
25 identifier, and 

means for receiving the invoked requested service from the service 
provider at the second entity if the second entity is authorized for the 
invoked requested service by the user. 

30 Applicant has amended independent Claim 23, to claim a process, comprising 
the steps of: 
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sending a login request from a first entity associated with a device to an 
authentication agency, the first entity comprising any of a user, a user agent and 
a principal, the first entity having a first user identifier in a first namespace and a 
second user identifier in a second namespace, the second user identifier known 
5 to a service provider, the first user identifier comprising any of a name identifier 
and an identity assertion, the second namespace disparate from the first 
namespace, wherein the first user identifier and the second user identifier are 
pseudonymous to each other; 

receiving an assertion at the first entity from the authentication agency in 
10 response to the log in request; 

sending the received assertion and the first user identifier to a participant; 

authenticating the first entity at the participant with the received assertion; 

sending the first user identifier in the first namespace and a request for a 
service on behalf of the first entity from a second entity comprising any of the 
15 participant and a service consumer associated with the participant to any of the 
authentication agency and a discovery service associated with the authentication 
agency, using the assertion; 

translating the first user identifier in the first namespace to the second 
user identifier in the second namespace at the authentication agency; 
20 sending an authorization and the translated second user identifier from the 

authentication agency to the second entity for the requested service in response 
to the sent request if the first entity is enabled for the requested service, wherein 
the translated second user identifier is sent in a format that the second entity is 
blinded to the second user identifier; 
25 sending the authorization from the second entity and to the service 

provider; and 

providing the requested service for the second entity at the service 
provider in response to the sent authorization if the second entity is authorized 
for the requested service by the user. 

30 

Applicant has amended independent Claim 33, to claim a process, comprising 
the steps of: 
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providing an authentication agency networked to a service; 

establishing an identity at the authentication agency for a first entity 
associated with a device, the first entity comprising any of a user, a user agent 
and a principal, the first entity having a first user identifier in a first namespace 
5 and a second user identifier in a second namespace, the second user identifier 
known to a service provider, the first user identifier comprising any of a name 
identifier and an identity assertion, the second namespace disparate from the 
first namespace, wherein the first user identifier and the second user identifier 
are pseudonymous to each other; 
10 sending authentication information from the authentication agency to the 

device; 

sending the authentication information and the first user identifier from the 
device to a participant; 

authenticating the first entity at the participant with the authentication 
15 information; 

sending the first user identifier in the first namespace and a request for a 
service on behalf of the first entity from a second entity comprising any of the 
participant and a service consumer associated with the participant to any of the 
authentication agency and a discovery service associated with the authentication 
20 agency; 

translating the received first user identifier in the first namespace to the 
second user identifier in the second namespace at the authentication agency; 

sending an authorization and the translated second user identifier from the 
authentication agency to the second entity to access the service on behalf of the 
25 first entity if the first entity is enabled for the service by the authentication 
agency; 

establishing a link between the second entity and the service provider, 
based upon the authorization and the translated second user identifier; and 

providing the requested service for the second entity at the service 
30 provider in response to the sent authorization and the translated second user 
identifier, if the second entity is authorized for the requested service by the user. 
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Support is seen in the Application as filed, at least on page 4, lines 24-31; on 
page 6, lines 22-24; on page 7, lines 1-17; on page 7, line 28 to page 8, line 4; 
on page 8, line 12 to page 9, line 8; on page 10, lines 14-16; on page 10, line 20 
to page 12, line 17; on page 12, lines 23-28; oh page 15, line 31 to page 17, line 
5 15; on page 21, lines 5-33; on page 22, line 7 to page 23, line 13; and in Figures 
1-6, 9, and 12-16. 

Applicant respectfully submits that, even in combination, Bhat and Barriga fail to 
meet Claims 1, 11, 23 and 33, as amended. 

10 

Bhat et al. describe a web based applications single sign on system and method, 
as seen at least in [0021]-[0023], in [0026]-[0029], in [0046], and in the Abstract, 
wherein: 

15 "In an enterprise server system having a server, a web-base applications 

single sign-on method and system. The single sign-on system includes 
logic for assigning and retrieving uniquely identifying tokens that are 
assigned to a user attempting to access one of many applications in the 
server. The token is assigned after the user has successfully logged into 

20 the server. The assigned token enables the user to access different 

applications in the server without having to authenticate every time the 
user goes from one application to the other. In one embodiment of the 
present invention, the single sign-on system includes a token that 
provides a listening mechanism for the applications that need to be 

25 notified when a token expires in order to deny access to the particular 

user identified with the expired token." 

Bhat describes further details of authentication associated with user access is 
seen at least in [0050], wherein: 

30 

"In the environment depicted in FIG. 2, for the user to access protected 
resources or services, the user must authenticate. If the user 
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authenticates successfully and if the user is authorized to access the 
resources, the user is given access to the resource." 

Applicant submits that, while Bhat describes the assignment of tokens for user 
5 access to access different applications during user browsing, the system and 
method described by Bhat significantly different than Claims 1, 11, 23 and 33 as 
amended. 

Barriga describe a system, method and apparatus for federated single sign-on 
10 services, as seen at least in the Abstract, wherein: 

"The advent of new and sophisticated web services provided by Service 
Providers to users, services that individually require authentication of user 
and authorization of access, brings the needs for a new service to 

15 facilitate such authentication and access, a service referred to as Single 

Sign-On (SSO). The basic principle behind SSO is that users are 
authenticated once at a particular level, and then access all their 
subscribed services accepting that level of authentication. The present 
invention provides a system, method and apparatus wherein a cellular 

20 Federation of mobile network operators becomes an SSO authentication 

authority for subscribers of this Federation accessing Service Providers 
having such agreement with a mobile network operator of the Federation. 
In accordance with this invention, mobile network operators can leverage 
their operator-subscriber trust relationship in order to act as SSO 

25 authentication authority for those subscribers accessing Service Providers 

in a service domain other than the mobile network domain." 

Applicant also respectfully submits that, while Barriga describe single sign-on 
(SSO) wherein "users are authenticated once at a particular level, and then 
30 access all their subscribed services accepting that level of authentication", 
Barriga is also significantly different than Claims 1 , 1 1 , 23 and 33 as amended. 
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In regard to Claim 1, as amended, there is no disclosure in Bhat and/or Barriga, 
express or implied, of a system, comprising, inter alia, 

"a first user identifier in a first namespace associated with the first entity, 
the first user identifier comprising any of a name identifier and an identity 
5 assertion"; 

"a second user identifier in a second namespace associated with the first 
entity, the second user identifier known to a service provider, the second 
namespace disparate from the first namespace, wherein the first user identifier 
and the second user identifier are pseudonymous to each other"; 
10 "means for sending the first user identifier in the first namespace and a 

request for service on behalf of the first entity from a second entity comprising 
any of the participant and a service consumer associated with the participant to 
any of the authentication agency and a discovery service associated with the 
authentication agency, using the received assertion, the request for service 
15 comprising a request for a service descriptor for locating the service provider, 
and a request for a service assertion for accessing the service provider"; 

"means for translating the first user identifier in the first namespace to the 
second user identifier in the second namespace at the authentication agency"; 

"means for an sending the service descriptor, the service assertion, and 
20 the second user identifier from the authentication agency to the second entity in 
response to the sent request for service if the first entity is enabled for the 
requested service, wherein the sent second user identifier is sent in a format that 
the second entity is blinded to the second user identifier"; 

"means for sending the service assertion to the service provider"; and 
25 "means for providing the requested service for the second entity at the 

service provider in response to the received service assertion if the second entity 
is authorized for the requested service by the user". 

Applicant also submits that there is no suggestion, express or implied, that Bhat 
30 and/or Barriga be modified to meet Claim 1 , as amended. 
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Therefore, a prima facie obviousness case is incomplete because, neither Bhat 
nor Barriga teach or suggest all the claim limitations (MPEP 2142, 2143.03). To 
support the conclusion that the claimed invention is directed to obvious subject 
matter, either the references must expressly or impliedly suggest the claimed 
5 invention or the Examiner must present a convincing line of reasoning as to why 
the artisan would have found the claimed invention to have been obvious in light 
of the teachings of the references (Ex Parte Clapp, 227 USPQ 972, 973 (Bd. 
Pat. App. & Inter. 1985), MPEP 706.02(j)>. As well, the Examiner should 
"determine whether there was an apparent reason to combine the known 
10 elements in the fashion claimed by the patent at issue. To facilitate review, this 
analysis should be made explicit (KSR Int'l Co., v. Teleflex, Inc., No 04-1350 
(U.S. Apr. 30, 2007)). 

In addition, Applicant submits that it would take significant modification and 
15 undue experimentation to meet Claim 1 as amended, based on Bhat and/or 
Barriga. Furthermore, the single sign on system and method described by Bhat 
and the system, method and apparatus for federated single sign-on services 
described by Barriga are individually complete and functional, so there would be 
no reason to use parts from or add or substitute parts between Bhat and Barriga. 

20 

Applicant therefore submits that independent Claim 1, as amended, overcomes 
the rejection under 35 U.S.C. §1 03(a) as being unpatentable over Bhat et al. 
(U.S. Pub. No. 20050240763) in view of Barriga-Caceres et al. (U. S. Pub. No. 
20030163733). 

25 

As Claims 2-10 and 36-39 depend from amended independent Claim 1 as 
amended, and inherently contain all the limitations of the Claims they depend 
from, they are seen to be patentable as well. 



30 In regard to Claim 11, as amended, there is no disclosure in either Bhat or 
Barriga, express or implied, of a system, comprising, inter alia, 
an authentication agency 
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"for authenticating a first entity comprising any of a user, a user 
agent and a principal, the first entity having a first user identifier in a first 
namespace and a second user identifier in a second namespace, the 
second user identifier known to a service provider, the first user identifier 
5 comprising any of a name identifier and an identity assertion, the second 

namespace disparate from the first namespace, wherein the first user 
identifier and the second user identifier are pseudonymous to each other: 
and 

"for translating the first user identifier in the first namespace to the 
10 second user identifier in the second namespace"; and 

at least one second entity comprising 

"means for receiving the assertion and the first user identifier from 
the first entity", 

"means for sending a request for service and the first user identifier 
15 on behalf of the first entity to any of the authentication agency and a 

discovery service associated with the authentication agency", 

"means for receiving an authorization sent from the authentication 
agency in response to the sent request if the first entity is enabled for the 
requested service"; 

20 "means for receiving the second user identifier sent from the 

authenticating agency in a format that the second entity is blinded to the 
second user identifier"; 

"means for invoking the requested authorized service at the service 
provider with the received authorization and the received second user 
25 identifier", and 

"means for receiving the invoked requested service from the service 
provider at the second entity if the second entity is authorized for the 
invoked requested service by the user". 

30 Applicant also submits that there is no suggestion, express or implied, that Bhat 
and/or Barriga be modified to meet Claim 1 1 , as amended. 
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Therefore, a prima facie obviousness case is incomplete because, neither Bhat 
nor Barriga teach or suggest all the claim limitations (MPEP 2142, 2143.03). To 
support the conclusion that the claimed invention is directed to obvious subject 
matter, either the references must expressly or impliedly suggest the claimed 
5 invention or the Examiner must present a convincing line of reasoning as to why 
the artisan would have found the claimed invention to have been obvious in light 
of the teachings of the references (Ex Parte Clapp, 227 USPQ 972, 973 (Bd. 
Pat. App. & Inter. 1985), MPEP 706.02(j)). As well, the Examiner should 
"determine whether there was an apparent reason to combine the known 
10 elements in the fashion claimed by the patent at issue. To facilitate review, this 
analysis should be made explicit (KSR Int'l Co., v. Teiefiex, Inc., No 04-1350 
(U.S. Apr. 30, 2007)). 

In addition, Applicant submits that it would take significant modification and 
15 undue experimentation to meet Claim 11 as amended, based on Bhat and/or 
Barriga. Furthermore, the single sign on system and method described by Bhat 
and the system, method and apparatus for federated single sign-on services 
described by Barriga are individually complete and functional, so there would be 
no reason to use parts from or add or substitute parts between Bhat and Barriga. 

20 

Applicant therefore submits that independent Claim 11, as amended, overcomes 
the rejection under 35 U.S.C. §1 03(a) as being unpatentable over Bhat et al. 
(U.S. Pub. No. 20050240763) in view of Barriga-Caceres et al. (U. S. Pub. No. 
20030163733). 

25 

As Claims 12-22 and 40-42 depend from amended independent Claim 11 as 
amended, and inherently contain all the limitations of the Claims they depend 
from, they are seen to be patentable as well. 

30 In regard to Claim 23, as amended, there is no disclosure in Bhat and/or Barriga, 
express or implied, of a process, comprising the steps of: 

"sending a login request from a first entity associated with a device to an 
authentication agency, the first entity comprising any of a user, a user agent and 
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a principal, the first entity having a first user identifier in a first namespace and a 
second user identifier in a second namespace, the second user identifier known 
to a service provider, the first user identifier comprising any of a name identifier 
and an identity assertion, the second namespace disparate from the first 
5 namespace, wherein the first user identifier and the second user identifier are 
pseudonymous to each other; 

receiving an assertion at the first entity from the authentication agency in 
response to the log in request; 

sending the received assertion and the first user identifier to a participant; 
1 0 authenticating the first entity at the participant with the received assertion; 

sending the first user identifier in the first namespace and a request for a 
service on behalf of the first entity from a second entity comprising any of the 
participant and a service consumer associated with the participant to any of the 
authentication agency and a discovery service associated with the authentication 
1 5 agency, using the assertion; 

translating the first user identifier in the first namespace to the second 
user identifier in the second namespace at the authentication agency; 

sending an authorization and the translated second user identifier from the 
authentication agency to the second entity for the requested service in response 
20 to the sent request if the first entity is enabled for the requested service, wherein 
the translated second user identifier is sent in a format that the second entity is 
blinded to the second user identifier; 

sending the authorization from the second entity and to the service 
provider; and 

25 providing the requested service for the second entity at the service 

provider in response to the sent authorization if the second entity is authorized 
for the requested service by the user." 

Applicant also submits that there is no suggestion, express or implied, that Bhat 
30 and/or Barriga be modified to meet Claim 23, as amended. 
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Therefore, a prima facie obviousness case is incomplete because, neither Bhat 
nor Barriga teach or suggest all the claim limitations (MPEP 2142, 2143.03), To 
support the conclusion that the claimed invention is directed to obvious subject 
matter, either the references must expressly or impliedly suggest the claimed 
5 invention or the Examiner must present a convincing line of reasoning as to why 
the artisan would have found the claimed invention to have been obvious in light 
of the teachings of the references (Ex Parte Clapp, 227 USPQ 972, 973 (Bd. 
Pat. App. & Inter. 1985), MPEP 706.02(j)). As well, the Examiner should 
"determine whether there was an apparent reason to combine the known 
10 elements in the fashion claimed by the patent at issue. To facilitate review, this 
analysis should be made explicit (KSR Int'l Co., v. Teleflex, Inc., No 04-1350 
(U.S.Apr. 30, 2007)). 

In addition, Applicant submits that it would take significant modification and 
15 undue experimentation to meet Claim 23 as amended, based on Bhat and/or 
Barriga. Furthermore, the single sign on system and method described by Bhat 
and the system, method and apparatus for federated single sign-on services 
described by Barriga are individually complete and functional, so there would be 
no reason to use parts from or add or substitute parts between Bhat and Barriga. 

20 

Applicant therefore submits that independent Claim 23, as amended, overcomes 
the rejection under 35 U.S.C. §103(a) as being unpatentable over Bhat et al. 
(U.S. Pub. No. 20050240763) in view of Barriga-Caceres et al. (U. S. Pub. No. 
20030163733). 

25 

As Claims 24-32 and 43-46 depend from amended independent Claim 23 as 
amended, and inherently contain all the limitations of the Claims they depend 
from, they are seen to be patentable as well. 

30 In regard to Claim 33, as amended, there is no disclosure in Bhat and/or Barriga, 
express or implied, of a process, comprising the steps of: 

"providing an authentication agency networked to a service; 

15 



Application No. 10/678,910 Attorney Docket No. AOL0091 

establishing an identity at the authentication agency for a first entity 
associated with a device, the first entity comprising any of a user, a user agent 
and a principal, the first entity having a first user identifier in a first namespace 
and a second user identifier in a second namespace, the second user identifier 
5 known to a service provider, the first user identifier comprising any of a name 
identifier and an identity assertion, the second namespace disparate from the 
first namespace, wherein the first user identifier and the second user identifier 
are pseudonymous to each other; 

sending authentication information from the authentication agency to the 
10 device; 

sending the authentication information and the first user identifier from the 
device to a participant; 

authenticating the first entity at the participant with the authentication 
information; 

15 sending the first user identifier in the first namespace and a request for a 

service on behalf of the first entity from a second entity comprising any of the 
participant and a service consumer associated with the participant to any of the 
authentication agency and a discovery service associated with the authentication 
agency; 

20 translating the received first user identifier in the first namespace to the 

second user identifier in the second namespace at the authentication agency; 

sending an authorization and the translated second user identifier from the 
authentication agency to the second entity to access the service on behalf of the 
first entity if the first entity is enabled for the service by the authentication 

25 agency; 

establishing a link between the second entity and the service provider, 
based upon the authorization and the translated second user identifier; and 

providing the requested service for the second entity at the service 
provider in response to the sent authorization and the translated second user 
30 identifier, if the second entity is authorized for the requested service by the user." 
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Applicant also submits that there is no suggestion, express or implied, that Bhat 
and/or Barriga be modified to meet Claim 33, as amended. 

Therefore, a prima facie obviousness case is incomplete because, neither Bhat 
5 nor Barriga teach or suggest all the claim limitations (MPEP 2142, 2143.03). To 
support the conclusion that the claimed invention is directed to obvious subject 
matter, either the references must expressly or impliedly suggest the claimed 
invention or the Examiner must present a convincing line of reasoning as to why 
the artisan would have found the claimed invention to have been obvious in light 

10 of the teachings of the references (Ex Parte Clapp, 227 USPQ 972, 973 (Bd. 
Pat. App. & Inter. 1985), MPEP 706.02(j)). As well, the Examiner should 
"determine whether there was an apparent reason to combine the known 
elements in the fashion claimed by the patent at issue. To facilitate review, this 
analysis should be made explicit (KSR Int'l Co., v. Teleflex, Inc., No 04-1350 

15 (U.S. Apr. 30, 2007)). 

In addition, Applicant submits that it would take significant modification and 
undue experimentation to meet Claim 33 as amended, based on Bhat and/or 
Barriga. Furthermore, the single sign on system and method described by Bhat 
20 and the system, method and apparatus for federated single sign-on services 
described by Barriga are individually complete and functional, so there would be 
no reason to use parts from or add or substitute parts between Bhat and Barriga. 

Applicant therefore submits that independent Claim 33, as amended, overcomes 
25 the rejection under 35 U.S.C. §1 03(a) as being unpatentable over Bhat et al. 
(U.S. Pub. No. 20050240763) in view of Barriga-Caceres et al. (U. S. Pub. No. 
20030163733). 

As Claims 34 and 35 depend from amended independent Claim 33 as amended, 
30 and inherently contain all the limitations of the Claims they depend from, they are 
seen to be patentable as well. 
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Other Amendments. 

Applicant has amended dependent claims 7, 18, 22, 29, 36, and 38, to provide 
proper antecedent terminology. Applicant has also amended the Specification 
and Drawing to correct minor errors. Applicant also submits that the 
5 amendments do not introduce new matter into the Application. 



Applicant respectfully submits that Claims 1-46 overcome the rejections set forth 
10 in the Office Action. Applicant also submits that the Amendment does not 
introduce new matter into the Application. Based on the foregoing, Applicant 
considers the invention to be in condition for allowance. Applicant earnestly 
solicits the Examiner's withdrawal of the rejections set forth in the Office Action, 
such that a Notice of Allowance is forwarded to Applicant, and the present 
15 application is therefore allowed to issue as a United States Patent. 



CONCLUSION 



Respectfully Submitted, 
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Michael A. Glenn 
Reg. No. 30,176 
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Amendments to the Drawings 

In Figure 1, please replace the reference character "16" associated with element 
entitled "Principal" with reference character "12", as seen in the formal 
5 replacement sheet. 

In Figure 3, please replace the reference character "16" associated with element 
entitled "Principal" with reference character "12", as seen in the formal 
replacement sheet. 

10 

In Figure 3, please replace the reference character "40" with reference character 
"10b", as seen in the formal replacement sheet. 

In Figure 5, please replace the reference character "16" associated with element 
15 entitled "Principal" with reference character "12", as seen in the formal 
replacement sheet. 



